diff --git a/CHANGES b/CHANGES
index 0772e483a6..f1cc2cd75e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4036.	[bug]		Make call to open a temporary file name safe during
+			NZF creation. [RT #38331]
+
 4035.	[bug]		Close temporary and NZF FILE pointers before moving
 			the former into the latter's place, as required on
 			Windows. [RT #38332]
diff --git a/bin/named/server.c b/bin/named/server.c
index 4876c6ef80..d298f15bcd 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -9197,7 +9197,7 @@ nzf_remove(const char *nzfile, const char *viewname, const char *zonename) {
 
 		/* Create a temporary file */
 		CHECK(isc_file_template("", "nzf-XXXXXXXX", tmp, sizeof(tmp)));
-		CHECK(isc_stdio_open(tmp, "w", &ofp));
+		CHECK(isc_file_openunique(tmp, &ofp));
 		CHECK(add_comment(ofp, viewname));
 
 		/* Look for the entry for that zone */
diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c
index 74fdd4cbad..694f25d41f 100644
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@@ -256,14 +256,13 @@ isc_file_template(const char *path, const char *templet, char *buf,
 	return (ISC_R_SUCCESS);
 }
 
-static char alphnum[] =
+static const char alphnum[] =
 	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 
 isc_result_t
 isc_file_renameunique(const char *file, char *templet) {
 	char *x;
 	char *cp;
-	isc_uint32_t which;
 
 	REQUIRE(file != NULL);
 	REQUIRE(templet != NULL);
@@ -276,6 +275,8 @@ isc_file_renameunique(const char *file, char *templet) {
 
 	x = cp--;
 	while (cp >= templet && *cp == 'X') {
+		isc_uint32_t which;
+
 		isc_random_get(&which);
 		*cp = alphnum[which % (sizeof(alphnum) - 1)];
 		x = cp--;
@@ -321,7 +322,6 @@ isc_file_openuniquemode(char *templet, int mode, FILE **fp) {
 	isc_result_t result = ISC_R_SUCCESS;
 	char *x;
 	char *cp;
-	isc_uint32_t which;
 
 	REQUIRE(templet != NULL);
 	REQUIRE(fp != NULL && *fp == NULL);
@@ -334,6 +334,8 @@ isc_file_openuniquemode(char *templet, int mode, FILE **fp) {
 
 	x = cp--;
 	while (cp >= templet && *cp == 'X') {
+		isc_uint32_t which;
+
 		isc_random_get(&which);
 		*cp = alphnum[which % (sizeof(alphnum) - 1)];
 		x = cp--;
diff --git a/lib/isc/win32/file.c b/lib/isc/win32/file.c
index 3f357aa165..f3fe0a8277 100644
--- a/lib/isc/win32/file.c
+++ b/lib/isc/win32/file.c
@@ -33,6 +33,7 @@
 #include <isc/file.h>
 #include <isc/mem.h>
 #include <isc/print.h>
+#include <isc/random.h>
 #include <isc/result.h>
 #include <isc/sha2.h>
 #include <isc/stat.h>
@@ -42,6 +43,9 @@
 
 #include "errno2result.h"
 
+static const char alphnum[] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
 /*
  * Emulate UNIX mkstemp, which returns an open FD to the new file
  *
@@ -50,7 +54,6 @@ static int
 gettemp(char *path, isc_boolean_t binary, int *doopen) {
 	char *start, *trv;
 	struct stat sbuf;
-	int pid;
 	int flags = O_CREAT|O_EXCL|O_RDWR;
 
 	if (binary)
@@ -58,11 +61,12 @@ gettemp(char *path, isc_boolean_t binary, int *doopen) {
 
 	trv = strrchr(path, 'X');
 	trv++;
-	pid = getpid();
 	/* extra X's get set to 0's */
 	while (*--trv == 'X') {
-		*trv = (pid % 10) + '0';
-		pid /= 10;
+		isc_uint32_t which;
+
+		isc_random_get(&which);
+		*trv = alphnum[which % (sizeof(alphnum) - 1)];
 	}
 	/*
 	 * check the target directory; if you have six X's and it